NPM JavaScript registry mishaps: What to do

The NPM registry of JavaScript packages has become a critical cog in the language’s ecosystem, letting developers discover and use reusable code packages. But for developers worried about systems crashing because packages they depend on were removed...

The NPM registry of JavaScript packages has become a critical cog in the language’s ecosystem, letting developers discover and use reusable code packages. But for developers worried about systems crashing because packages they depend on were removed from the registry, there are not a lot of options other than having your own backup system to cache packages.

The registry holds more than 600,000 packages, with 3.6 billion downloads a week. Smooth operations of applications can depend on packages in the registry staying active. One incident on Jan. 6, 2018, caused by a user being misidentified as a spammer, had NPM Inc. operators scrambling to remedy the situation on a Saturday. In March 2016, the deletion of a 17-line package, called left-pad, broke dependencies with other projects, including the Babel JavaScript compiler.